US9565158B1ActiveUtility

Systems and methods for automatically configuring virtual private networks

88
Assignee: COOLEY SHAUNPriority: Jun 14, 2012Filed: Jun 14, 2012Granted: Feb 7, 2017
Est. expiryJun 14, 2032(~5.9 yrs left)· nominal 20-yr term from priority
Inventors:Shaun Cooley
H04L 63/0272H04L 61/2015H04L 61/5014H04W 12/03H04L 63/0823H04W 84/12
88
PatentIndex Score
11
Cited by
10
References
20
Claims

Abstract

A computer-implemented method for automatically configuring virtual private networks may include 1) broadcasting by a client on a network to discover a virtual private network server configured to manage virtual private networks, 2) discovering, by the client in response to the broadcast, the virtual private network server, 3) establishing a secure connection between the client and the virtual private network server in response to the discovery, and 4) receiving, by the client from the virtual private network server through the secure connection, configuration settings that enable the client to automatically connect to a virtual private network. Various other methods, systems, and computer-readable media are also disclosed.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A computer-implemented method for automatically configuring virtual private networks, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
 establishing a secure connection between a client and a network by performing at least one of:
 establishing a physical Ethernet connection of the client to the network; and 
 establishing an encrypted wireless local area network connection of the client to the network; 
 
 broadcasting by the client on the network to discover a virtual private network server configured to manage virtual private networks, the virtual private network server being hidden from clients that establish unsecure connections to the network; 
 discovering, by the client in response to the broadcast, the virtual private network server; 
 establishing an additional secure connection between the client and the virtual private network server in response to the discovery, approval of the additional secure connection being based on the ability of the client to discover the virtual private network server that is hidden from clients that establish unsecure connections to the network; 
 in response to establishing the additional secure connection between the client and the virtual private network server, receiving, by the client from the virtual private network server through the additional secure connection, configuration settings that enable the client to automatically connect to a virtual private network, the configuration settings specifying a virtual private network protocol and an internet accessible hostname that enables the client to establish the virtual private network with a destination server; and 
 establishing, after establishing the additional secure connection between the client and the virtual private network server, a virtual private network connection between the client and the destination server using the received configuration settings specifying the virtual private network protocol and the internet accessible hostname. 
 
     
     
       2. The computer-implemented method of  claim 1 , wherein
 broadcasting comprises broadcasting using at least one of: 
 broadcast packets; 
 zero configuration networking; and 
 universal plug and play. 
 
     
     
       3. The computer-implemented method of  claim 1 , wherein establishing the additional secure connection comprises the client providing client information comprising at least one of:
 a name of the client; 
 a device type of the client; and 
 an owner of the client. 
 
     
     
       4. The computer-implemented method of  claim 3 , wherein establishing the additional secure connection comprises:
 presenting the client information to an administrator during an approval process. 
 
     
     
       5. The computer-implemented method of  claim 1 , wherein establishing the additional secure connection comprises:
 presenting an option to the client to connect to the virtual private network. 
 
     
     
       6. The computer-implemented method of  claim 4 , wherein establishing the additional secure connection comprises:
 receiving approval from the administrator for the client to receive the configuration settings. 
 
     
     
       7. The computer-implemented method of  claim 6 , wherein receiving approval from the administrator comprises receiving the approval in response to presenting the client information to the administrator. 
     
     
       8. The computer-implemented method of  claim 6 , further comprising instructing the virtual private network server to establish the additional secure connection in response to receiving the approval from the administrator. 
     
     
       9. The computer-implemented method of  claim 1 , wherein the additional secure connection encrypts communications at a transport layer. 
     
     
       10. The computer-implemented method of  claim 9 , wherein the additional secure connection uses at least one of a transport layer security protocol and a secure sockets layer protocol. 
     
     
       11. The computer-implemented method of  claim 1 , wherein establishing the additional secure connection comprises:
 the client transmitting a first security certificate to the virtual private network server; and 
 the virtual private network server transmitting a second security certificate to the client, wherein: 
 the client and the virtual private network server authenticate each other. 
 
     
     
       12. The computer-implemented method of  claim 1 , wherein receiving the configuration settings comprises receiving:
 a username; and 
 a password. 
 
     
     
       13. The computer-implemented method of  claim 1 , wherein the specification of the virtual private network protocol indicates at least one of:
 point-to-point tunneling protocol; 
 layer 2 tunneling protocol; 
 public key infrastructure protocol; 
 secure socket tunneling protocol; and 
 protected extensible authentication protocol. 
 
     
     
       14. The computer-implemented method of  claim 1 , wherein
 the virtual private network server is hidden by a gateway limiting networks on which the virtual private network server is discoverable. 
 
     
     
       15. The computer-implemented method of  claim 1 , wherein the virtual private network server is hidden by virtual networking. 
     
     
       16. A system for automatically configuring virtual private networks, the system comprising:
 a broadcast module programmed to:
 establish a secure connection between a client and a network by performing at least one of:
 establishing a physical Ethernet connection of the client to the network; and 
 establishing an encrypted wireless local area network connection of the client to the network; 
 
 broadcast, as part of the client, on the network to discover a virtual private network server configured to manage virtual private networks, the virtual private network server being hidden from clients that establish unsecure connections to the network; 
 
 a discovery module programmed to discover, as part of the client and in response to the broadcast, the virtual private network server; 
 a connection module programmed to establish an additional secure connection between the client and the virtual private network server in response to the discovery, approval of the additional secure connection being based on the ability of the client to discover the virtual private network server that is hidden from clients that establish unsecure connections to the network; 
 a reception module programmed to receive, in response to the additional secure connection being established between the client and the virtual private network server, as part of the client and from the virtual private network server through the additional secure connection, configuration settings that enable the client to automatically connect to a virtual private network, the configuration settings specifying a virtual private network protocol and an internet accessible hostname that enables the client to establish the virtual private network with a destination server; 
 wherein the connection module is further programmed to establish, after establishing the additional secure connection between the client and the virtual private network server, a virtual private network connection between the client and the destination server using the received configuration settings specifying the virtual private network protocol and the internet accessible hostname; and 
 at least one processor configured to execute the broadcast module, the discovery module, the connection module, and the reception module. 
 
     
     
       17. The system of  claim 16 , wherein the broadcast module is programmed to broadcast using at least one of:
 broadcast packets; 
 zero configuration networking; and 
 universal plug and play. 
 
     
     
       18. The system of  claim 16 , wherein the connection module is programmed to establish the additional secure connection at least in part by providing client information comprising at least one of:
 a name of the client; 
 a device type of the client; and 
 an owner of the client. 
 
     
     
       19. The system of  claim 18 , wherein the connection module is programmed to establish the additional secure connection at least in part by:
 presenting the client information to an administrator during an approval process. 
 
     
     
       20. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
 establish a secure connection between a client and a network by performing at least one of:
 establishing a physical Ethernet connection of the client to the network; and 
 establishing an encrypted wireless local area network connection of the client to the network; 
 
 broadcast by the client on the network to discover a virtual private network server configured to manage virtual private networks, the virtual private network server being hidden from clients that establish unsecure connections to the network;
 discover, by the client in response to the broadcast, the virtual private network server; 
 establish an additional secure connection between the client and the virtual private network server in response to the discovery, approval of the additional secure connection being based on the ability of the client to discover the virtual private network server that is hidden from clients that establish unsecure connections to the network; 
 in response to establishing the additional secure connection between the client and the virtual private network server, receive, by the client from the virtual private network server through the additional secure connection, configuration settings that enable the client to automatically connect to a virtual private network, the configuration settings specifying a virtual private network protocol and an internet accessible hostname that enables the client to establish the virtual private network with a destination server; and 
 establish, after establishing the additional secure connection between the client and the virtual private network server, a virtual private network connection between the client and the destination server using the received configuration settings specifying the virtual private network protocol and the internet accessible hostname.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.